Tuesday, September 30, 2008

Backtrack 3 Teaser PWNS all

I realize BT3 is out, but this is an awesome video to get the word out a bit on what it can do. MUST SEE

http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html

Skype 4.0 fixes it's self

Finally the new version allows you to go into "Classic Compact View". Might download it and install it tonight. Anyone wanna give it a test?
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com

Updates to Process Monitor and Zoomit. Sweet

Mark's stuff is awesome. Yes, even though he works under the corporate umbrella of Microsoft.

Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast

Process Monitor v2.0:
This major update to Process Monitor adds real-time TCP and UDP
monitoring to its existing process, thread, DLL, file system and
registry monitoring. You can now see the TCP and UDP activity processes
performed, including the operation (e.g. connect, send, receive), local
and remote IP addresses and DNS names, and operation transfer lengths.
On Windows Vista, Process Monitor also collects thread stacks for
network operations.

Yes you can see Russia from Alaska

Dual Xeons for 165.. Time to go dedicated

Shmoo Mailing Lists

Find a roomate at ShmooCon, find DC Geeks, or work on HostAP
https://lists.shmoo.com/mailman/listinfo

Clickjacking

Finally I found a good description of Clickjacking, and find it hilarious that I used to play this game on people in High School making it impossible for them to push the button. This is just a reversal of that concept plus invisibility.

Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head

What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday:

"Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."

Yet another saved password location

SQL Server 2005 Management password extraction - Easy as pie... Apple pie
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/

Monday, September 29, 2008

Make an video avatar

Make a video avatar suitable for any forum. Just submit, time and download:
http://www.vtubetools.com/gifmaker/

Apple Ultracompact USB Power Adapter Exchange Program

Broke it already? Well, they have a recall going on. Check it out.

https://supportform.apple.com/200809/

MobaLiveCD - Portable LiveCD Virtualization

Boot a LiveCD anywhere on any windows box, without having to install VMware:
http://mobalivecd.mobatek.net/en/index.php

Step by step - Make your own Wordpress theme

This post is geared to a few friends who I know are currently in a transitional period:
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/

RSnake's XSS Cheatsheet

Sensepost's List of tools

Awesome tools that get so little attention:

http://www.sensepost.com/research_tools.html

Video about Social Networking Privacy

Useful Wallpaper

Virus Total

If you haven't been here yet, it's a great place to check a file to see if it is a virus, you can also see some basic PE data:
http://www.virustotal.com/

Separate Feeds on Blogspot

Youtube now allowing 1GB files. Woot

Not like I actually posted Youtube videos, but hey. Cool beans

http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb

(IN)SECURE Magazine Issue 18 is out

Started printing this on Friday not realizing that it's over 100 pages of color... Oops, glad it's not my dime... Thank you 700 billion dollar bailout. ;-)

http://www.net-security.org/insecuremag.php

Numb3rs returns October 3rd at 10pm et/pt

SecApps and GHDB

GNUCITIZEN - Google Hacking Database
http://www.secapps.com/

Automated? SQL Injection Framework

Something I don't like about the word Automated and "SQL Injection" together.
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/

Old Article on Packers and Unpackers

Authentication-less File Copy (SAM?)

Random Futurama Quote from Slashdot Trolls

Phreaknic Twitter Search

IP Address Regular Expression

http://riskable.com/2008/09/17/tip-regular-expression-to-match-any-ip-address-in-foxyproxy

https?://[1-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.*

Pyrit

http://code.google.com/p/pyrit/

Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK,
the protocol that today de-facto protects public WIFI-airspace. The
project's goal is to estimate the real-world security provided by these
protocols. Pyrit does not provide binary files or wordlists and does
not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.

Pyrit's implementation allows to create massive databases,
pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time-tradeoff. The performance gain for real-world-attacks is in
the range of three orders of magnitude which urges for re-consideration
of the protocol's security. Exploiting the computational power of GPUs,
Pyrit is currently by far the most powerful attack against one of the world's most used security-protocols.

Wednesday, September 24, 2008

My Links

So this is where I will blog about things I find on the internet that I think is interesting and it won't contain much more than a link, embed and maybe a few comments.